I setup a sandboxed iframe parent/child in which I call in a remote content from an html page for sake of example we will say: http://127.0.0.1/ui.html

This remote page includes some content from a third party website (an embedded youtube video, and some external JS includes), as well as its own content. I also have setup functions which I have exposed to the parent and can call them. (simple alerts)

I cannot view the embedded video, or include any scripts residing outside the sandboxed url path the remote content or any content included (outside of the ui.html).